Нужен совет? Обратитесь за помощью к сообществу или специалистам.
Перейти к Avira Answers
Damage:Sent by email. 
VDF Version: 

DistributionVBS/Lee-ATX spreads via Outlook, using the Outlook Address Book or via chta program mIRC and/or PIRCH. An email sent by the worm looks like this:

Antrax Info

The email body can vary according to the version. The text can be the following:

- si no sabes que es el antrax o cuales son suss efectos aqui te mando una foto para que veas los efectos que tiene
Nota: la foto esta un poco fuerte
- Aqui te mando este documento para que sepas que es y cuales son effectos des „Antrax“
- como ahorita esta de moda hablar sobre el antrax aqui les mando una foto de un enfermo terminal



Technical DetailsVBS/Lee-ATX sends itself to all email addresses found in Outlook Address Book.
When the attachment is opened, first the worm copies itself in Windows system directory as ANTRAXINFO.VBS. Then, the worm modifies the registry, so that it is activated by Windows start:

HKML\Software\Microsoft\Windows\CurrentVersion\Run\antraxinfo =“wscript.exe C:\Windows\System\antraxinfo.vbs %“

The worm tries to send itself by email, using Outlook Address Book, to all entries found in it. After doing this, the worm makes the following registry entry:

HKCU\Software\Antrax\Mailed = “1“

If the worm finds the mIRC chat program on C:\MIRC or C:\MIRC32, it searches for MIRC.INI file in these directories and if found, creates SCRIPT.INI file and makes the registry entry:

HKCU\Software\Antrax\Mirqued = “1“

If the worm finds Pirch chat program on C:\PIRCH or C:\PIRCH32, it creates EVENTS.INI file, for ensuring that the ANTRAXINFO.VBS will be sent by Pirch when it is next launched. Then, the following registry entry is made:

HKCU\Software\Antrax\Pirched = “1“

If VBS/Lee-ATX is opened on January 26th, a message window appears:
Antrax Worm By wAsEk

All .VBS and .VBE files will be overwritten with the virus code.
Описание добавил Crony Walker в(о) вторник, 15 июня 2004 г.

Назад . . . .
https:// Это окно зашифровано для вашей безопасности.